Abstract Details


10/15/2015  |   8:45 AM - 9:30 AM   |  Pacific I

Benefits of Deploying Inherently Secure Nodes Within a Distributed System

Current computers are inherently insecure, making cyberattacks a major concern for commercial and defense organizations. Computing hosts use an architecture designed when 8 Kbytes was a lot of memory and internet connectivity was over a decade away. The world has changed, but our computer architectures have not. Because the underlying hosts have flawed security, the networked systems built out of them are insecure.

The SAFE (Semantically Aware Foundation Environment) [1] platform was developed by BAE Systems with several university partners. SAFE is designed from the hardware up to be inherently secure. Deploying a SAFE-based security proxy as a guard in a distributed system can provide significant computational resiliency and permit a system to "compute through" a cyber-attack.

We present simulation results showing that placing security-related intrusion monitors on SAFE processors (as opposed to on vulnerable conventional systems) dramatically increases the overall health of a distributed system. We model a distributed system protected by a combination of network- and host-based detection and remediation infrastructure. The model is parameterized by the accuracy of attack detection, the likelihood of attack success, and the ratio of security-related resources to general computation resources. To model and analyze attack propagation within the network, we developed a generalized network simulation with flexible parameterization. The simulation parameters are general enough that these results extend to a wide range of security frameworks that attempt to detect and adapt to security incidents. The model assumes that once a node is successfully attacked, it becomes an attacker. When a node detects another node issuing attacks, it orders the attacking node to reboot to an uncorrupted state, though the rebooted node remains vulnerable to future attacks.

Simulations show, for example, that if the probability of attack detection is 30%, and the probability of an undetected attack successfully corrupting a node is 30%, the steady-state fraction of healthy (non-compromised) nodes ranges from 12% (system is essentially unusable) with no SAFE nodes, to 49% (system supports high-priority computations) if 15% of the nodes are SAFE, to 91% (system within normal operational range) if 50% of the nodes are SAFE nodes.

One way to employ secure processors is to have a gateway node protecting each enclave of legacy computers [2] as an interface between the computers and the network. This added security comes without any changes to the legacy computers. We suggest using a SAFE network proxy as the gateway to each enclave of legacy computers. The security within a network of legacy computers further increases as the fraction of gateways that are inherently secure increases. This is an ideal application for a new inherently secure architecture, as it requires hosting primarily a network stack rather than the complete application stack needed to replace compute nodes. In the limit, using a low-cost SAFE network proxy to protect each legacy computational node can be cost effective.

References
[1] Udit Dhawan et al. Hardware support for safety interlocks and introspection. 2012.
[2] Michael Figueroa et al. A SOUND Approach to Security in Mobile and Cloud-Oriented Environments. 2015.
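The propagation model the abstract describes (a corrupted node becomes an attacker; a node that detects an attacker orders it to reboot clean but still vulnerable; detection accuracy, attack success probability and the share of security resources as parameters) can be written down as a small discrete-time simulation. The following is an added illustration, not the authors' simulator, and its concrete rules (one randomly chosen monitor watches each attacker, a fixed fan-out of attacks per step, a persistent outside adversary probing one node per step, SAFE hardware assigned to monitors first) are assumptions; it does not reproduce the 12% / 49% / 91% figures above, but it shows why monitors that cannot be corrupted keep the remediation loop alive while monitors on legacy hosts stop detecting once they fall.

```python
"""Toy discrete-time simulation of attack propagation through a network in
which some nodes run on inherently secure (SAFE-style) hardware.

Constructed for illustration only: the rules below are assumptions that
follow the abstract's description (a corrupted node becomes an attacker; a
node that detects an attacker orders it to reboot clean but still
vulnerable). This is not the authors' simulator and does not reproduce
their reported numbers."""
import random
from dataclasses import dataclass


@dataclass
class Node:
    safe: bool                # SAFE-style node: attacks on it never succeed
    monitor: bool             # carries intrusion-detection duty
    compromised: bool = False


def build_network(n_nodes, safe_fraction, monitor_fraction):
    """SAFE hardware goes to the monitors first (the placement the abstract
    advocates) and only then to ordinary compute nodes (assumption)."""
    n_safe = round(n_nodes * safe_fraction)
    n_monitor = max(1, round(n_nodes * monitor_fraction))
    return [Node(safe=i < n_safe, monitor=i < n_monitor) for i in range(n_nodes)]


def simulate(n_nodes=200, safe_fraction=0.0, monitor_fraction=0.2,
             p_detect=0.3, p_success=0.3, fan_out=3, steps=400, seed=1):
    """Return the steady-state fraction of healthy (uncompromised) nodes,
    averaged over the second half of the run."""
    rng = random.Random(seed)
    nodes = build_network(n_nodes, safe_fraction, monitor_fraction)
    monitors = [nd for nd in nodes if nd.monitor]
    legacy = [nd for nd in nodes if not nd.safe]
    if legacy:                           # initial foothold on one legacy node
        rng.choice(legacy).compromised = True
    history = []
    for _ in range(steps):
        # A persistent outside adversary probes one node per step, so the
        # system never settles into a trivially clean state (assumption).
        probe = rng.choice(nodes)
        if not probe.safe and rng.random() < p_success:
            probe.compromised = True
        # Every compromised node behaves as an attacker this step.
        for attacker in [nd for nd in nodes if nd.compromised]:
            # One randomly chosen monitor watches it; only a monitor that is
            # itself healthy can detect, and detection forces a clean reboot.
            watcher = rng.choice(monitors)
            if not watcher.compromised and rng.random() < p_detect:
                attacker.compromised = False
                continue
            # Undetected: the attacker hits fan_out random targets. SAFE nodes
            # shrug the attack off; legacy nodes fall with probability p_success.
            for _attack in range(fan_out):
                target = rng.choice(nodes)
                if target is attacker or target.safe:
                    continue
                if rng.random() < p_success:
                    target.compromised = True
        history.append(sum(not nd.compromised for nd in nodes) / n_nodes)
    tail = history[steps // 2:]
    return sum(tail) / len(tail)


def sweep(safe_fractions=(0.0, 0.15, 0.5), **kwargs):
    """Healthy fraction for each SAFE fraction, all other settings identical."""
    return {f: simulate(safe_fraction=f, **kwargs) for f in safe_fractions}


if __name__ == "__main__":
    for frac, healthy in sweep().items():
        print(f"SAFE fraction {frac:4.0%}: healthy fraction {healthy:.0%}")
```

Running `sweep()` with the abstract's 30% detection and 30% success parameters compares the same network with 0%, 15% and 50% SAFE nodes. Two invariants hold regardless of the random seed and are the ones worth checking: a SAFE node is never counted as compromised, so the healthy fraction can never drop below the SAFE fraction, and with every node SAFE the system stays at 100% health. The qualitative gap between the runs comes from the watcher rule: when the monitors sit on legacy hosts they are corrupted at the same rate as everything else, and each lost monitor reduces the chance that any attacker is ever ordered to reboot.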


Howard Reubenstein (Primary Presenter, Author, Co-Author), BAE Systems, Howard.Reubenstein@BAESystems.com;
Dr. Howard Reubenstein is a Section Leader and Senior Principal Engineer at BAE Systems Technology Solutions. Dr. Reubenstein's research experience is in the area of AI and reasoning technologies applied to software engineering problems including research on the application of software reverse engineering tools and their use in understanding software architectures. He is currently the PI and was the software engineering and demonstration lead for the SAFE secure host computing project under DARPA's CRASH program. As software lead he was responsible for combining and deploying the project's security mechanisms in application demonstrations that illustrate the overall security provided by the SAFE platform.

Joseph Fahey (Author, Co-Author), BAE Systems, Joseph.Fahey@BAESystems.com;
Joseph Fahey received his B.S. degree in Computer Science and Electrical Engineering from MIT in 2010, and an M.S. in Computer Science and Electrical Engineering from MIT in 2011 during a fellowship at BAE Systems focusing on qualitative reasoning, tracking, and probabilistic reasoning over time on the DARPA Deep Green program. He is currently a senior software engineer at BAE Systems in Burlington, Massachusetts where he is involved in secure web-based applications and architectures, in addition to war-gaming, military plan modeling and tracking.

David Wittenberg (Author, Co-Author), BAE Systems, david.wittenberg@baesystems.com;
Dr. David Wittenberg is a Research Engineer at BAE Systems Technology Solutions. He has 15 years of research, development, teaching, and technology experience in the areas of computer security, interval methods, hybrid systems, cryptography, and formal languages and automata. He has worked in academic and commercial environments.

Gregory Sullivan (Author, Co-Author), Charles Stark Draper Laboratory, gtsullivan@draper.com;
Dr. Gregory Sullivan was a Principal Engineer at BAE Systems Technology Solutions. He has been engaged in research in cybersecurity, programming languages, formal methods, self-adaptive software, software engineering, machine learning, and AI planning. Greg has a Ph.D. from Northeastern University, where his thesis involved compiler correctness proofs. Before joining BAE Systems, Greg worked at MIT CSAIL, researching dynamic languages, aspect-oriented programming, and model-based programming and verification of autonomous systems. While at BAE Systems, Greg led projects in secure systems, zero-day attack detection and response, adaptive compiler optimization, model-based software engineering, and AI planning. Since the work on the SAFE project, Greg has moved to Draper Laboratory.

2013 Sponsors: IEEE and IEEE Computer Society